The newer firewire-core driver exposes per-device character device files,
called /dev/fw*, in contrast to the older raw1394, video1394, dv1394
drivers which created one global /dev/raw1394 and per controller/ per
format files.
This allows to set ownership, permissions, or/ and access control lists
for each device file based on device type markers obtained from sysfs.
For example, access to the device file of a video camera could be allowed
to users who belong to a "video" group, while files of other device types
(storage devices, local node...) remain accessible only to root by default.
This is what this change implements.
[Another approach has been implemented by Fedora's rules, an additional
script, and presumably PolicyKit: The script creates symlinks whose names
reflect the device type, and then the current console owner is added to
the ACLs of the device files based on name patterns of the symlinks.]
There is a catch though: The device capabilities are shown in child
devices of the actual devices which provide the character device files.
Hence the charcter device files already exist when the "add" events happen
from which we get the device type (the so-called unit architecture).
Therefore the 'PROGRAM=/bin/chgrp...' directive is used instead of a
simple 'GROUP=...' directive.
Signed-off-by: Stefan Richter <stefanr@xxxxxxxxxxxxxxxxx>
---
rules/rules.d/50-udev-default.rules | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/rules/rules.d/50-udev-default.rules b/rules/rules.d/50-udev-default.rules
index 87c8977..9df0140 100644
--- a/rules/rules.d/50-udev-default.rules
+++ b/rules/rules.d/50-udev-default.rules
@@ -43,10 +43,16 @@ SUBSYSTEM=="drm", GROUP="video"
# DVB (video)
SUBSYSTEM=="dvb", ENV{DVB_ADAPTER_NUM}=="?*", NAME="dvb/adapter$env{DVB_ADAPTER_NUM}/$env{DVB_DEVICE_TYPE}$env{DVB_DEVICE_NUM}", GROUP="video"
-# Firewire
+# Firewire, old driver stack
KERNEL=="dv1394-[0-9]*", NAME="dv1394/%n", GROUP="video"
KERNEL=="video1394-[0-9]*", NAME="video1394/%n", GROUP="video"
+# Firewire, new driver stack
+# IIDC devices: industrial cameras and some webcams
+SUBSYSTEM=="firewire", ATTR{specifier_id}=="0x00a02d", ATTR{version}=="0x00010?", PROGRAM="/bin/chgrp video /dev/%P"
+# AV/C devices: camcorders, set-top boxes, TV sets, various audio devices, and more
+SUBSYSTEM=="firewire", ATTR{specifier_id}=="0x00a02d", ATTR{version}=="0x010001", PROGRAM="/bin/chgrp video /dev/%P"
+
# libusb device nodes
SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", NAME="bus/usb/$env{BUSNUM}/$env{DEVNUM}", MODE="0664"
--
Stefan Richter
-=====-==--= -=-= =-=-=
http://arcgraph.de/sr/
--
To unsubscribe from this list: send the line "unsubscribe linux-hotplug" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
